Mitigating DDoS Attacks in Cloud Networks
DOI: https://doi.org/10.15662/IJEETR.2021.0304003
Keywords: DDoS, cloud networks, mitigation, traffic filtering, anomaly detection, AI, Blockchain
Abstract
Distributed Denial of Service (DDoS) attacks represent a significant and growing threat to cloud networks, capable of causing extensive service disruptions and substantial financial and reputational damage. These attacks leverage multiple compromised devices to flood a target with malicious traffic, overwhelming its resources and rendering services unavailable to legitimate users. As cloud computing becomes increasingly integral to business operations, the need for effective DDoS mitigation strategies has never been more critical.
This paper delves into the multifaceted nature of DDoS attacks, categorizing them into volumetric, protocol, and application layer attacks, each with distinct characteristics and impacts. It examines the specific vulnerabilities of cloud networks to these attacks, highlighting the unique challenges posed by their distributed and scalable nature.
To combat these threats, a multi-layered approach to DDoS mitigation is essential. This includes traffic filtering and rate limiting to control the flow of traffic, anomaly detection and machine learning algorithms to identify and respond to attacks in real time, and leveraging the inherent scalability of cloud infrastructure to absorb and distribute attack traffic. Additionally, the use of Content Delivery Networks (CDNs) and specialized DDoS protection services can provide robust defenses against these attacks.
Looking ahead, the paper explores future advancements in DDoS mitigation, emphasizing the potential of AI-driven mitigation tools, blockchain technology for creating decentralized and tamper-proof networks, advanced threat intelligence for proactive defense, and enhanced collaboration between cloud service providers, security vendors, and organizations.
By providing a comprehensive understanding of DDoS attacks and the strategies to mitigate them, this research aims to equip organizations with the knowledge and tools necessary to protect their cloud networks. As DDoS attacks continue to evolve, staying ahead of these threats will require continuous innovation and adaptation in mitigation techniques.





